Don't put a JWT in core.user.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4348 ed5197a5-7fde-0310-b194-c3ffbd925b24
2023-07-16 22:03:47 +00:00
parent 6ef466f3ed
commit eb203c7e62
2 changed files with 13 additions and 9 deletions
--- a/core/auth.js
+++ b/core/auth.js
@@ -260,12 +260,17 @@ function query(headers) {
 		return {
 			session: entry,
 			permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
-			refresh: {
-				token: makeJwt({name: entry.name}),
-				interval: kRefreshInterval,
-			}, 
 		};
 	}
 }

-export { handler, query };
+function make_refresh(credentials) {
+	if (credentials?.session?.name) {
+		return {
+			token: makeJwt({name: credentials.session.name}),
+			interval: kRefreshInterval,
+		};
+	}
+}
+
+export { handler, query, make_refresh };